On August 14, 2002 07:12 pm, Sascha Braun wrote:
> So, the system() command allows a user only to start services in his own
> home directory?

Uhm... I am a little confused, how does system() command relate to FTP access?

Ilia

> ----- Original Message -----
> From: "Ilia A." <[EMAIL PROTECTED]>
> To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" <[EMAIL PROTECTED]>
> Sent: Thursday, August 15, 2002 1:36 AM
> Subject: Re: [PHP] SESSION Security
>
> > On August 14, 2002 07:03 pm, Sascha Braun wrote:
> > > So, if somebody gets an ftp account somehow, he will be able to get
> > > session vars via a system() command?
> >
> > If their FTP client allows them to go into the directory where session
> > ids are stored, then that user will be able to see current session ids.
> > On most servers FTP clients are set up to only allow user access to their
> > own home directory.
> >
> > Ilia
> >
> > > ----- Original Message -----
> > > From: "Ilia A." <[EMAIL PROTECTED]>
> > > To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" <[EMAIL PROTECTED]>
> > > Sent: Thursday, August 15, 2002 1:27 AM
> > > Subject: Re: [PHP] SESSION Security
> > >
> > > > If a person 'somehow' gains read access to the directory where the
> > > > sessions are stored on your server, then yes it is possible for them
> > > > to get the session id.
> > > >
> > > > Ilia
> > > >
> > > > On August 14, 2002 06:41 pm, Sascha Braun wrote:
> > > > > Is it possible that someone from outside can read the session
> > > > > stored on my webserver for getting unencrypted password and
> > > > > usernames?
> > > > >
> > > > > Schura
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
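
A check for the exposure discussed in this thread, as an added example that is not part of the original messages: it reports whether other local accounts can list the session directory or read the session files in it. The function name `audit_session_dir` and the default path are assumptions; it relies on PHP's file-based session handler naming its files `sess_<session id>`.

```shell
#!/bin/sh
# Added example: audit a PHP file-based session directory for exposure to
# other local accounts. Pass the value of session.save_path as the argument;
# the default below is an assumption, not taken from the thread.

# Prints one finding per line. Returns 0 if clean, 1 if exposed, 2 on error.
audit_session_dir() {
    dir=${1:-/var/lib/php/sessions}
    findings=0

    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    # Mode string from ls -ld, e.g. "drwx-wx-wt": characters 5 and 8 are the
    # group and other read bits. Read on a directory means "can list it",
    # and the session id is part of each file name.
    mode=$(ls -ld "$dir" | cut -c1-10)
    grp_r=$(printf '%s' "$mode" | cut -c5)
    oth_r=$(printf '%s' "$mode" | cut -c8)
    if [ "$grp_r" = r ] || [ "$oth_r" = r ]; then
        echo "DIR-LISTABLE: $dir ($mode) - sess_<id> file names are visible"
        findings=$((findings + 1))
    fi

    # A session file readable by group or other exposes the stored variables.
    for f in "$dir"/sess_*; do
        [ -f "$f" ] || continue
        fmode=$(ls -l "$f" | cut -c1-10)
        if [ "$(printf '%s' "$fmode" | cut -c5)" = r ] ||
           [ "$(printf '%s' "$fmode" | cut -c8)" = r ]; then
            echo "FILE-READABLE: $f ($fmode)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run it as a user that can read the directory (typically root), for example `audit_session_dir "$(php -r 'echo session_save_path();')"`.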